Capsicum - Projects

There are a number of on-going projects, some listed here:

Kernel capability development - While the basic Capsicum kernel
framework is now complete, maintaining and refining the current
implementation is an on-going task. We anticipate that future kernel features
may be required, such as a more formal notion of groupings of related
sandboxed processes, in order to make garbage-collecting them on application
exit easier.

libcapsicum - libcapsicum provides a variety of APIs to support
application rights, including convenience functions for managing
capabilities, sandbox creation and management functions, and communication
primitives for linking host applications with sandboxes, such as a
lightweight RPC scheme.
As the complexity of consumer applications grows, we expect this library to
expand, especially as it relates to nested sandboxes.

User rights angels - In order to provide services to sandboxes, both
simple ones such as the loading of shared libraries, and complex ones, such
as user agent file selection using standard UI dialog boxes, we are creating
angel processes which hold a user's rights, and grant them selectively.
It is conventional to refer to a system-level server process as a 'daemon';
as a slight variation on this theme, we refer to a user's session-level
capability manager as a guardian 'angel'.
We are currently exploring implementing this using the KDE desktop
environment.

Library self-compartmentalization - we are adapting a number of
commonly-used libraries, such as compression and image processing libraries,
to automatically execute risky portions of their code in capability mode
sandboxes.
This will allow largely or entirely unmodified applications, such as web
browsers, to benefit from lightweight and easy-to-deploy sandboxing.

chromium-capsicum - A Capsicum-enhanced version of Google's
Chromium web browser, which uses
capability mode and Capsicum capabilities to replace sandboxes based on
discretionary and mandatory access control techniques.
The resulting sandbox is both more effective and easier to implement for this
highly complex application.
Available via git from GitHub: chromium-capsicum.